Deerfoot Recruitment Solutions Ltd ("the Company") is committed to ensuring that your privacy is protected. This policy sets out how we use the information you provide via this website and our broader recruitment services.
1. Who We Are
Deerfoot Recruitment Solutions Ltd is a recruitment business providing work-finding services. We are registered as a Data Controller in the United Kingdom with the ICO (Registration: Z5184612).
2. Collection and Use of Personal Data
When you use this website or apply for a role, we collect personal data (name, contact details) and sensitive data (CVs, ID documents). We process this to:
- Provide work-finding services and match your skills with vacancies.
- Submit your information to clients for specific job applications.
- Fulfill legal obligations (e.g., Right to Work checks).
- Human Oversight: Deerfoot does not utilise fully automated profiling; all candidate matching involves human intervention by our specialist recruitment consultants.
3. Lawful Basis for Processing
- Legitimate Interest: Matching candidates with suitable vacancies.
- Contractual Necessity: Providing services under our terms of engagement.
- Legal Obligation: Complying with employment and tax laws.
- Consent: Required for "Special Category" data (e.g., health information).
4. Data Security & Cyber Essentials
We are committed to data security. Deerfoot is Cyber Essentials Certified, ensuring our systems meet government-backed standards for technical protection.
- All data is encrypted using AES-256 at rest and TLS 1.3 in transit.
- We use Multi-Factor Authentication (MFA) across all platforms.
- We operate a strict "Clear Desk" policy for any physical documentation.
5. Overseas Transfers
We use industry-leading SaaS platforms. Data may be processed in the USA or Singapore (via RecruitCRM and Cognito Forms). We ensure protection via Transfer Risk Assessments (TRAs) and the UK Extension to the EU-US Data Privacy Framework.
6. Data Retention
- Successful Placements: 6 years minimum for legal and tax purposes.
- Inactive Records: We operate a 2-year managed review cycle. If no engagement occurs for 24 months, data is securely erased unless a legal retention obligation applies.
7. Cookies & Analytics
We use a minimal number of cookies to ensure our website functions correctly.
- Essential Cookies: Required for site features like job searches and application forms.
- Analytics: We use Google Analytics to monitor visitor behaviour. This data is anonymised and is not tied to personally identifiable information.
- Managing Cookies: You can disable cookies in your browser settings. Visit www.aboutcookies.org for guidance.
8. Third-Party Processors
We share data only with verified subprocessors necessary for our services, including RecruitCRM (ATS), Microsoft 365, Cognito Forms, and vetting partners like Tifo/PayStream.
9. Your Rights
Under the UK GDPR, you have the right to Access, Erasure, Rectification, and the Right to Object.
- Subject Access Requests (SARs): We will respond within one month.
- Contact: Please email our DPO, Ben Gordon, at dpo@deerfoot.co.uk.
10. Complaints
If you are unhappy with our data handling, you have the right to complain to the Information Commissioner’s Office (ICO): https://ico.org.uk/concerns/
